From mboxrd@z Thu Jan 1 00:00:00 1970
From: Amit Shah
Subject: [PATCH v3 0/9] virtio: console: fixes for bugs and races with unplug
Date: Thu, 25 Jul 2013 19:28:40 +0530
Message-ID:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: virtualization-bounces@lists.linux-foundation.org
Errors-To: virtualization-bounces@lists.linux-foundation.org
To: Virtualization List
Cc: Amit Shah
List-Id: virtualization@lists.linuxfoundation.org

Hello,

This series fixes a few bugs and races with port unplug and the various
file operations: read(), write() and close().

I started coding up an alternative locking mechanism based on the
discussion earlier in this series, but some of what we already have has
to remain, and the new code is sufficiently different, so I'd rather it
bakes for a while, and I ensure there are no regressions wrt the tests I
have so far for a while as well.  Hopefully this will be in time for the
next merge window.

There's one use-after-free I spotted after sending the first two
versions: port_fops_release() calls send_control_msg(), which spins till
the host acknowledges receipt of the buffer.  While it's spinning, if the
device gets unplugged, the vqs go away, and the spinning function never
progresses, causing a softlockup.  This is difficult to reproduce -- the
host usually acknowledges the buffers fast enough.

A couple of solutions for this case are possible:

1. Mark the control vq in use, and don't proceed with unplug till it's
   marked unused,
2. Similar to the various port-specific i and o vqs, don't spin, but
   queue the buffer and wait for the host to let us know it's done with
   it.

2nd is easier to implement, but 1st fits with the way I'm thinking of
restructuring the locking.  I'm not yet decided on which approach to
take, will think over it.

Other than that, this series does fix all the bugs I see with the tests
I have.  Indeed, the patches marked for stable@ fix all the bugs too,
and the other ones on top add locking where shared structures are being
used.

Please review and apply if appropriate,

v3
 * remove patch 5, "update private_data in struct file only on
   successful open" (Rusty)
 * remove patch 6, "fix race in port_fops_poll() and port unplug"
   (Rusty)
 * remove CC: stable from patches without reproducers

v2
 * add patch 11: Jason found a use-after-free in port unplug
 * patch 7 introduced a regression where the wake_up_interruptible was
   done before guest_connected and host_connected were set to false

Amit Shah (9):
  virtio: console: fix race with port unplug and open/close
  virtio: console: fix race in port_fops_open() and port unplug
  virtio: console: clean up port data immediately at time of unplug
  virtio: console: fix raising SIGIO after port unplug
  virtio: console: return -ENODEV on all read operations after unplug
  virtio: console: add locks around buffer removal in port unplug path
  virtio: console: add locking in port unplug path
  virtio: console: fix locking around send_sigio_to_port()
  virtio: console: prevent use-after-free of port name in port unplug

 drivers/char/virtio_console.c | 64 +++++++++++++++++++++++++++----------------
 1 file changed, 40 insertions(+), 24 deletions(-)

-- 
1.8.1.4
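The softlockup the cover letter describes (send_control_msg() spinning for a host
acknowledgement while an unplug tears the vq down underneath it) and the first of
the two proposed fixes (mark the control vq in use and defer unplug until it is
unused) can be seen in a small single-threaded model. The code below is an added
illustration written for this archive page; it is not from the virtio_console
driver or from Amit Shah's series. The struct ctrl_vq, struct scenario, try_unplug()
and run_race() names, the step-counted "spin", and the interleaving (unplug attempted
at spin step 2, host ack at step 5) are all constructed assumptions, chosen so that
the race is deterministic and the program terminates.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, single-threaded model of the unplug-during-spin race.
 * Nothing here is kernel code; all names are assumptions for this example. */

enum send_result {
    SEND_OK = 0,    /* host acknowledged the buffer */
    SEND_NODEV = 1, /* device was already gone before we queued */
    SEND_STUCK = 2, /* vq vanished while we were spinning: the softlockup case */
};

struct ctrl_vq {
    bool present;   /* cleared when the device is unplugged */
    int  in_use;    /* outstanding senders (approach 1: mark the vq in use) */
    int  unacked;   /* buffers queued but not yet acknowledged by the host */
};

/* Scripted interleaving: which spin iteration the unplug and the ack land on. */
struct scenario {
    int  unplug_at_step;  /* spin iteration at which an unplug is attempted */
    int  ack_at_step;     /* spin iteration at which the host acknowledges */
    bool guard_unplug;    /* whether unplug honours in_use (approach 1) */
    bool unplug_deferred; /* output: unplug was refused because vq was in use */
};

/* Unplug path: with the guard, refuse to tear down a vq a sender still uses. */
static bool try_unplug(struct ctrl_vq *vq, bool guard)
{
    if (guard && vq->in_use > 0)
        return false;  /* caller must retry once in_use drops to zero */
    vq->present = false;
    return true;
}

/* Host side: acknowledge one queued buffer if the device still exists. */
static void host_ack(struct ctrl_vq *vq)
{
    if (vq->present && vq->unacked > 0)
        vq->unacked--;
}

/* Modelled send_control_msg(): queue one buffer, then spin until acked.
 * The spin is bounded so the model terminates; the real unguarded path
 * would never leave the loop once the vq is gone. */
static enum send_result send_control_msg(struct ctrl_vq *vq, struct scenario *s)
{
    const int max_spin = 100;

    if (!vq->present)
        return SEND_NODEV;
    vq->in_use++;
    vq->unacked++;
    for (int step = 0; step < max_spin; step++) {
        if (step == s->unplug_at_step && !try_unplug(vq, s->guard_unplug))
            s->unplug_deferred = true;
        if (step == s->ack_at_step)
            host_ack(vq);
        if (!vq->present) {
            vq->in_use--;
            return SEND_STUCK;  /* no ack can ever arrive for a dead vq */
        }
        if (vq->unacked == 0) {
            vq->in_use--;
            return SEND_OK;
        }
    }
    vq->in_use--;
    return SEND_STUCK;
}

/* Run the race once: unplug arrives at step 2, the host ack only at step 5. */
enum send_result run_race(bool guard_unplug, bool *unplug_deferred)
{
    struct ctrl_vq vq = { .present = true, .in_use = 0, .unacked = 0 };
    struct scenario s = { .unplug_at_step = 2, .ack_at_step = 5,
                          .guard_unplug = guard_unplug, .unplug_deferred = false };
    enum send_result r = send_control_msg(&vq, &s);
    if (unplug_deferred)
        *unplug_deferred = s.unplug_deferred;
    return r;
}

/* Convenience: did the guarded/unguarded unplug get deferred in that run? */
bool unplug_was_deferred(bool guard_unplug)
{
    bool deferred = false;
    run_race(guard_unplug, &deferred);
    return deferred;
}

int main(void)
{
    printf("unguarded: result=%d deferred=%d\n",
           run_race(false, NULL), unplug_was_deferred(false));
    printf("guarded:   result=%d deferred=%d\n",
           run_race(true, NULL), unplug_was_deferred(true));
    return 0;
}
```

Without the guard the unplug succeeds at step 2 and the sender is left with a vq
that can never be acknowledged (SEND_STUCK, the model's stand-in for the
softlockup); with the guard the unplug is deferred, the ack at step 5 completes
the send, and only then would a retried unplug find in_use at zero.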